ESXI-65-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Configuring this setting for the SSH daemon provides additional assurance that remote login via SSH will require a password, even in the event of misconfiguration elsewhere.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

PermitEmptyPasswords no

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y20M04_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5, CAT|I, CCI|CCI-000366, Rule-ID|SV-104063r1_rule, STIG-ID|ESXI-65-000015, Vuln-ID|V-93977

Plugin: Unix

Control ID: 11e3577a2fee00f054c4dd80abc6a14f85f55088e39d1a8b5a1932e752183583